Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method of verifying a request made by a host in respect of an Internet Protocol v6 (IPv6) address comprising a network routing prefix and a cryptographically generated Interface Identifier, the request including a delegation certificate containing at least a public key of said host, one or more further parameters, a specification of one of a range or set of IPv6 network routing prefixes, an identity of a delegated host, and a digital signature taken over at least said identity and said specification of a range or set of IPv6 network routing prefixes using a private key associated with said public key, the method comprising: verifying that said network routing prefix of said IPv6 address is contained within said specification; verifying that said public key and said further parameter(s) can be used to generate said cryptographically generated Interface Identifier; and verifying said signature using said public key.
A method for verifying an IPv6 address delegation request. The request originates from a host and relates to an IPv6 address constructed from a network routing prefix and a cryptographically generated Interface Identifier. The request includes a delegation certificate containing the host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters can generate the Interface Identifier, and that the signature is valid using the public key.
2. The method according to claim 1 , wherein said one or more further parameters include a modifier.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters which include a modifier, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters including the modifier can generate the Interface Identifier, and that the signature is valid using the public key. The additional modifier is included in the parameters used to generate the Interface Identifier.
3. The method according to claim 2 , wherein said certificate includes a formula for generating said modifier such that said modifier changes each time an Interface Identifier is generated.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters which include a modifier which is created using a formula, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters including the modifier can generate the Interface Identifier, and that the signature is valid using the public key. The modifier included in the parameters for generating the Interface Identifier changes each time a new Interface Identifier is generated. This involves the certificate including a formula for dynamically calculating the modifier's value.
4. The method according to claim 1 , wherein said one or more further parameters include one or more extensions.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters which include one or more extensions, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters including the extension(s) can generate the Interface Identifier, and that the signature is valid using the public key. The additional one or more extensions are included in the parameters used to generate the Interface Identifier.
5. The method according to claim 1 , wherein said range or set of IPv6 network routing prefixes is a subset of all available routing prefixes.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters can generate the Interface Identifier, and that the signature is valid using the public key. The range of valid IPv6 network routing prefixes specified in the delegation certificate represents a subset of all possible IPv6 routing prefixes.
6. The method according to claim 1 , wherein said specification of a range or set of IPv6 network routing prefixes specifies all available routing prefixes.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters can generate the Interface Identifier, and that the signature is valid using the public key. The specified range encompasses ALL available IPv6 routing prefixes.
7. The method according to claim 1 , wherein said step of verifying that said public key and said further parameter(s) can be used to generate said cryptographically generated Interface Identifier comprises using said network routing prefix of the IPv6 address in the verification process.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters can generate the Interface Identifier using the IPv6 address’s network routing prefix in the process, and that the signature is valid using the public key.
8. The method according to claim 1 , wherein said steps of verifying that said public key and said further parameter(s) can be used to generate said cryptographically generated Interface Identifier and to verify said signature using said public key, each utilizing a hashing algorithm.
The method of verifying an IPv6 address delegation request includes a delegation certificate containing the host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature computed over the host's identity and the IPv6 prefix range using the host's private key. Verification involves confirming that the IPv6 address's network routing prefix is within the specified range, that the public key and additional parameters can generate the Interface Identifier using a hashing algorithm, and that the signature is valid using the public key utilizing a hashing algorithm.
9. An Internet Protocol v6 (IPv6) host comprising: a first processor configured to generate a delegation certificate, the certificate containing at least a public key of said host, one or more further parameters, a specification of one of a range or set of IPv6 network routing prefixes, an identity of a delegated host, and a digital signature taken over at least said identity and said specification of a range or set of IPv6 network routing prefixes using a private key associated with said public key, wherein said public key and said one or more further parameters can be used to compute an Interface Identifier part of a Cryptographically Generated Address; an output for providing said certificate to said delegated host; and a second processor configured to generate an Interface Identifier using said public key and said one or more further parameters, and to combine the Interface Identifier with a network routing prefix contained within said range or set of prefixes in order to generate a Cryptographically Generated Address.
An IPv6 host is configured to delegate IPv6 addresses. The host contains a first processor that generates a delegation certificate including the host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature taken over the host's identity and the IPv6 prefix range using the host's associated private key. The public key and additional parameters are used to compute the Interface Identifier part of the Cryptographically Generated Address. It has an output to send this certificate to the delegated host. A second processor generates the Interface Identifier using the public key and extra parameters and combines it with a routing prefix from within the specified IPv6 prefix range to generate a Cryptographically Generated Address.
10. The IPv6 host according to claim 9 , wherein said output is further configured to send a notification to said delegated host when a Cryptographically Generated Address has been generated, the notification containing said Cryptographically Generated Address.
The IPv6 host configured to delegate IPv6 addresses, including a processor that generates a delegation certificate with the host's public key, additional parameters, valid IPv6 network routing prefixes, the identity of the delegated host, and a digital signature. The public key and additional parameters are used to compute the Interface Identifier, and the generated certificate is outputted to the delegated host. A second processor generates the Interface Identifier using the public key and combines it with a prefix to generate a Cryptographically Generated Address. The output also sends a notification to the delegated host when a Cryptographically Generated Address is generated, including the Cryptographically Generated Address in the notification.
11. An Internet Protocol v6 (IPv6) host comprising: a first input for receiving from a peer IPv6 host a delegation certificate, the certificate containing at least a public key of said peer host, one or more further parameters or a formula or formulae for generating one or more further parameters, a specification of one of a range or set of IPv6 network routing prefixes, an identity of the receiving host, and a digital signature taken over at least said identity and said specification of a range or set of IPv6 network routing prefixes using a private key associated with said public key; a second input for receiving from said peer host a notification that the peer host is using a Cryptographically Generated Address mapping to said certificate; and an output for sending a request in respect of the Cryptographically Generated Address to a third party node and for including said certificate in the request.
An IPv6 host is configured to receive delegated IPv6 addresses. A first input receives a delegation certificate from a peer IPv6 host. The certificate includes the peer host's public key, additional parameters, a range of valid IPv6 network routing prefixes, the identity of the receiving host, and a digital signature taken over the receiving host's identity and the IPv6 prefix range using the peer host's private key. A second input receives a notification from the peer host indicating that the peer host is using a Cryptographically Generated Address corresponding to the certificate. An output sends a request regarding the Cryptographically Generated Address to a third party node and includes the delegation certificate in the request.
Unknown
September 23, 2014
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.